The government is discussing the possibility of making IT security provision certification mandatory, in an effort to maintain quality control and develop a more responsibly-minded sector.
The Australian Information Industry Association (AIIA) has been hounding the government to install an appropriate security regime for some time, according to Michael Hedley, corporate relations manager for the AIIA.
This pressure resulted in the development of the PKI (personal key identification) gateway; however, this is only the tip of the iceberg, according to Hedley.
"The discussions around security involve a myriad of issues including liability, final responsibility, working with the US and other international entities to formulate a suitable system of regulation - regardless of whether Australia has enough skilled people to service this sector," said Hedley.
Preliminary blueprints to make IT security certification mandatory via legislation have been well received by security resellers who are increasingly nervous about being left holding the can on the liability front.
With the dramatic increase in financial and health services going online, Glen Miller, managing director of e-distributor Janteknology, said there is more need than ever to ensure that the people giving advice are qualified to do so.
Miller said there is a lot of money to be made in IT security and a lot of it will be wasted in useless investments.
"Hot sectors attract cowboys, and that doesn't do any good for the guys who want to be around in a year's time," he said. "Anyone can set themselves up as a security provider, despite the fact they could have been selling dolls eyes, the day before."
However, the channel has only a brief window of opportunity to get its opinion heard before decisions are wrested from its control. Insurance companies have caught a whiff of an added revenue stream and are closing in on the e-risk element of corporate networks. The Insurance Council of Australia began circulating e-commerce risk assessment tables earlier this year, which gauge vulnerability based on the impregnability of specific platforms.
Current legislation governing IT security
1. Privacy Amendment Act 2000 comes into effect on December 21 2001 to regulate the handling of personal information by private sector organisations.
2. Electronic Transaction Act 1999 outlines responsibilities in disseminating information and the validity and integrity of electronic communications.
3. National Electronic Authentication Council (NEAC) works on legal liability for consumers and small businesses, and an SME Security (Authentication) Guide.
4. Institute of Online Security (IOS) is aimed at regulating IT security and improving standards.